Kaspersky Says Ready to Comply With India’s Data Localisation Norms

As the political narrative in India appears to be tilting in favour of data localisation, Russia-based global cyber-security firm Kaspersky Lab said it was willing to “adopt and comply” with India’s proposed requirement to store data generated in the country within its borders.

“The data protection bill is not released yet in India. Once this (data localisation) requirement comes out, we need to adopt and we want to comply,” Kaspersky Lab’s Managing Director Stephan Neumeier told IANS on the sidelines of the firm’s 4th Asia Pacific (APAC) cyber-security annual summit here recently.

Goals set in the Draft National Digital Communications Policy 2018, along with various Indian government notifications and guidelines such as the Reserve Bank of India’s notification on Payment Data Storage 2018, and the guidelines for government departments for contractual terms related to Cloud Storage 2017 also show the government’s focus on data localisation.

The rationale behind such proposals has been attributed to various factors, such as: Securing citizens’ data, and ensuring data privacy, data sovereignty, national security, and economic development of the country.

The extensive data collection by technology companies, due to their unfettered access and control of user-data, has allowed them to freely process and monetise Indian users’ data outside the country. This has raised data protection and privacy concerns.

Neumeier said he and other Kaspersky members had discussed the matter with India’s Computer Emergency Response Team (CERT) chief Gulshan Rai in September.

Kaspersky Lab, he said, saw significant support from the Indian government and the demand and interest on “our technology together” was open there.

The talks of data localisation in India could also influence where in Asia Pacific the company sets up its “Transparency Centre” – where data from the region can be stored and processed.

While India is not ideally located for the company’s Asia Pacific Transparency Centre, Neumeier asserted that Kaspersky Lab was ready to find solution for India’s data localisation requirements when it comes.

“Because, if we open a Transparency Centre in India, we will also open a data centre there. And with that, we would have the capabilities to store Indian data in India,” Neumeier said.

Noting that Kaspersky was set to open its first and only Transparency Centre in Zurich, Switzerland, in November, Neumeier said the firm was actively looking at Asia Pacific for a similar set-up and that it had discussed the issue with the Indian government.

“We have all the support that we can imagine from the Indian government. However, we need to look into specific requirements before we make a decision where we are going to open that facility,” Neumeier said.

“One is obviously location. We want to fly in people there. It needs to provide easy accessibility. So, India is probably, for Asia Pacific, not a perfect place because it is not very, very central.”

However, he said, all the other “boxes” like “growth in market, access to good talent are very well checked”.

“The skills and capabilities available in India, you won’t find in many countries in Asia Pacific. People are very highly qualified and they really understand their stuff. So, that is the big check.”

Asked about Kaspersky’s business plan in India, Neumeier said the country is one of the “focus markets in Asia Pacific because of its large population”.

“We see massive investment in the manufacturing area in India as it is already becoming more and more a manufacturing powerhouse. A lot of commercial business is already on the growth path and will be growing in future. So, demand for cyber-security technology is obviously rising.”

With its “Digital India” initiative for increased digitisation, Cyber-security could become a major concern for the Indian government.

Reported attacks on Indian websites have increased nearly five times in the past four years. According to government data, more than 700 government websites that are hosted under “gov.in” and “nic.in” domains have been hacked by cyber-criminals since 2012.

As per the information reported to and tracked by CERT-In, a total number of 44,679; 49,455; 50,362 and 40,054 cyber-security incidents were observed during the year 2014, 2015, 2016 and 2017 (till November), respectively.